Problem: Joining or rejoining a netapp is not possible

Problem:

Joining or rejoining a netapp is not possible
You get this error message from the netapp join.

netapp::> vserver cifs create -vserver nap88 -cifs-server nap88 -domain schein.ig -ou CN=Computers -default-site "" -status-admin up -comment "" -netbios-aliases nap88

In order to create an Active Directory machine account for the CIFS server, you must supply the name and password of a Windows account with sufficient privileges to add computers to the "CN=Computers"
container within the "SCHEIN.IG" domain.

Enter the user name: Administrator

Enter the password:

Error: Machine account creation procedure failed
  [  2611] Loaded the preliminary configuration.
  [  3412] Created a machine account in the domain
  [  3413] SID to name translations of Domain Users and Admins
           completed successfully
  [  3414] Successfully connected to 212.227.15.41:88 using TCP
  [  3622] Successfully connected to 212.227.15.41:464 using TCP
  [  3756] Kerberos password set for 'NAP88$@SCHEIN.IG' succeeded
  [  3756] Set initial account password
  [  3866] Successfully connected to 212.227.15.41:445 using TCP
  [  4340] Unable to connect to NetLogon service on
           wayland.schein.ig (Error: RESULT_ERROR_GENERAL_FAILURE)
**[  4341] FAILURE: Unable to make a connection
**         (NetLogon:SCHEIN.IG), result: 3
  [  4341] Unable to make a NetLogon connection to
           master.schein.ig using the new machine account
  [  4397] Deleted existing account
           'CN=NAP88,CN=Computers,DC=schein,DC=ig'

Error: command failed: Failed to create the Active Directory machine account "NAP88". Reason: general failure.

Solution:

This problem may occur if the netapp tries to set a password, like “Initialize password with hostname” via UMC. There is a general password check that validates 8 characters.

So to join the netapp, these steps are necessary:

Step 1:

You should add a computer account for the netapp manually and change the password to the “hostname”.

root@master:~# eval "$(ucr shell)"; udm computers/windows create --position "cn=computers,$ldap_base" --set name=nap88  --set password=univention
Object created: cn=nap88,cn=computers,dc=schein,dc=ig
root@master:~# kpasswd 'nap88$'
nap88$@SCHEIN.IG's Password: <nap88> as password
New password for nap88$@SCHEIN.IG:
Verify password - New password for nap88$@SCHEIN.IG:
Success : Password changed

Step 2:

Join the netapp, with parameters like:

  • using the existing account
  • using connection with TLS, SMB2 and AES
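
The failure pattern in the join trace above (the Kerberos password set succeeds, the NetLogon connection then fails, and the account is deleted again) can be recognised mechanically. The following Python is an added example, not part of the original post or of any NetApp or Univention tooling; the sample trace is abridged from the one above, and treating a machine name shorter than 8 characters as the trigger is a heuristic based on the cause this page suggests.

```python
import re

# Constructed sample, abridged from the join trace shown on this page.
SAMPLE_TRACE = """\
  [  3412] Created a machine account in the domain
  [  3756] Kerberos password set for 'NAP88$@SCHEIN.IG' succeeded
  [  3866] Successfully connected to 212.227.15.41:445 using TCP
  [  4340] Unable to connect to NetLogon service on
           wayland.schein.ig (Error: RESULT_ERROR_GENERAL_FAILURE)
**[  4341] FAILURE: Unable to make a connection
**         (NetLogon:SCHEIN.IG), result: 3
  [  4397] Deleted existing account
           'CN=NAP88,CN=Computers,DC=schein,DC=ig'
"""

STEP = re.compile(r"^\s*(\*\*)?\s*\[\s*(\d+)\]\s+(.*)$")
ACCOUNT = re.compile(r"Kerberos password set for '([^'$]+)\$@[^']+' succeeded")
MIN_PASSWORD_LEN = 8  # length enforced by the password check described above


def parse_trace(text):
    """Split a join trace into steps, folding wrapped lines into their step."""
    steps = []
    for line in text.splitlines():
        m = STEP.match(line)
        if m:
            steps.append({"id": int(m.group(2)), "failed": bool(m.group(1)),
                          "msg": m.group(3).strip()})
        elif steps and line.strip():
            # Continuation line: drop the '**' failure marker and indentation.
            steps[-1]["msg"] += " " + line.lstrip("* ").strip()
    return steps


def triage(text):
    """Heuristic (assumption): flag the pattern this page attributes to the
    hostname being used as the initial machine password."""
    steps = parse_trace(text)
    hit = next(filter(None, (ACCOUNT.search(s["msg"]) for s in steps)), None)
    account = hit.group(1) if hit else None
    return {
        "account": account,
        "netlogon_failed": any(s["failed"] and "NetLogon" in s["msg"] for s in steps),
        "rolled_back": any(s["msg"].startswith("Deleted existing account") for s in steps),
        "hostname_too_short": bool(account) and len(account) < MIN_PASSWORD_LEN,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
```

If all three flags are set, pre-creating the computer account as in Step 1 is the fix this page proposes.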

see also:
